Quote:
Flame shares many characteristics with notorious cyber weapons Duqu and Stuxnet: while its features are different, the geography and careful targeting of attacks coupled with the usage of specific software vulnerabilities seem to put it alongside those familiar 'super-weapons' currently deployed in the Middle East by unknown perpetrators. Flame can easily be described as one of the most complex threats ever discovered. It's big and incredibly sophisticated. It pretty much redefines the notion of cyberwar and cyberespionage.
For the full low-down on this advanced threat, read on...
http://www.securelist.com/en/blog?weblogid=208193522#
Well, if Microsoft could only offer a work-around at best for DUQU, I guess this one also will be here to stay for a while. :(
Oh...Joy.
Bet I will get it if I don't have it now. Seems my 'puter has a very weak immune system.
Oh, the news just keeps getting better though...
Flame Malware Spreading Itself Via Bogus Windows Updates
Quote:
One of the ways Flame uses the certificates to spread itself is through false Windows updates, according to Alex Gostev, chief malware expert at Kaspersky Lab.
Quote:
After discovering the certificate problem, Microsoft acted quickly to address it. On Sunday, it issued a security advisory and a patch revoking the compromised certificates.
http://www.pcworld.com/article/256862/flame_malware_spreading_itself_via_bogus_windows_updates.html
Ironically, this came in the form of a Windows update. :P
Microsoft releases Security Advisory 2718704
Quote:
We have discovered through our analysis that some components of the malware have been signed by certificates that allow software to appear as if it was produced by Microsoft. We identified that an older cryptography algorithm could be exploited and then be used to sign code as if it originated from Microsoft. Specifically, our Terminal Server Licensing Service, which allowed customers to authorize Remote Desktop services in their enterprise, used that older algorithm and provided certificates with the ability to sign code, thus permitting code to be signed as if it came from Microsoft.
We are taking several steps to remove this risk:
• First, today we released a Security Advisory outlining steps our customers can take to block software signed by these unauthorized certificates.
• Second, we released an update that automatically takes this step for our customers.
• Third, the Terminal Server Licensing Service no longer issues certificates that allow code to be signed.
Let's hope the Flame update doesn't have the same name as the Windows update to remove it. :-X
http://blogs.technet.com/b/msrc/archive/2012/06/03/microsoft-releases-security-advisory-2718704.aspx
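The advisory update quoted above works by moving the Terminal Server Licensing CA certificates into the local machine's Untrusted Certificates store, so that anything signed through that chain stops validating. The PowerShell below is an added example, not code from this thread or from Microsoft: it checks whether such certificates are actually present in the untrusted store on the machine you are on, and verifies that a given signed file does not chain through one of them. It assumes (as the certificates shipped by the update do) that their Subject contains the string "Microsoft Enforced Licensing"; adjust $pattern if the Subject on your system differs.

```powershell
# Added example (not from the forum post or the advisory). Checks that the
# licensing CA certificates the KB2718704 update blocks are in the Untrusted
# store, and that a signed file does not chain through them.
# Assumption: the blocked certificates carry this string in their Subject.
$pattern = 'Microsoft Enforced Licensing'

function Test-Kb2718704Applied {
    # Cert:\LocalMachine\Disallowed is the "Untrusted Certificates" store
    # that the advisory update populates.
    $untrusted = @(Get-ChildItem -Path Cert:\LocalMachine\Disallowed |
        Where-Object { $_.Subject -like "*$pattern*" })

    if ($untrusted.Count -eq 0) {
        Write-Warning "No '$pattern' certificates in the Untrusted store; the KB2718704 update may not be applied."
        return $false
    }

    foreach ($c in $untrusted) {
        '{0}  {1}' -f $c.Thumbprint, $c.Subject
    }
    return $true
}

function Test-SignerNotLicensingCa {
    param([Parameter(Mandatory)][string]$Path)

    # Get-AuthenticodeSignature builds the chain against the current stores,
    # so once the CA certificates sit in Disallowed the status is no longer Valid.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        "$Path : signature status $($sig.Status)"
        return $false
    }

    # Second, independent check: walk the signer's chain ourselves and look
    # for any element issued under the licensing CA pattern.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    [void]$chain.Build($sig.SignerCertificate)
    $bad = @($chain.ChainElements |
        Where-Object { $_.Certificate.Subject -like "*$pattern*" })
    $chain.Reset()

    if ($bad.Count -gt 0) {
        "$Path : chain contains $(($bad | ForEach-Object { $_.Certificate.Subject }) -join '; ')"
        return $false
    }
    return $true
}

# Usage (run in an elevated PowerShell on the machine you want to check):
# Test-Kb2718704Applied
# Test-SignerNotLicensingCa -Path 'C:\Windows\System32\notepad.exe'
```

Test-Kb2718704Applied returning $false on a patched machine usually means the update did not run, or that Windows Update is blocked for it, which is exactly the situation Flame's bogus-update trick exploits; Test-SignerNotLicensingCa is the check to run on any "Windows update" binary you did not fetch yourself.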